remove most containers/image usage from imageutil.Cache interface

joelanford · joelanford · commit 19096227726d · 2025-02-07T14:37:29.000-05:00
Signed-off-by: Joe Lanford &lt;joe.lanford@gmail.com&gt;
diff --git a/catalogd/internal/controllers/core/clustercatalog_controller_test.go b/catalogd/internal/controllers/core/clustercatalog_controller_test.go
@@ -5,15 +5,16 @@ import (
 	"errors"
 	"fmt"
 	"io/fs"
+	"iter"
 	"net/http"
 	"testing"
 	"testing/fstest"
 	"time"
 
 	"github.com/containers/image/v5/docker/reference"
-	"github.com/containers/image/v5/types"
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
+	ocispecv1 "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -59,7 +60,7 @@ func (ms *MockCache) Fetch(_ context.Context, _ string, _ reference.Canonical) (
 	panic("not implemented")
 }
 
-func (ms *MockCache) Store(_ context.Context, _ string, _ reference.Named, _ reference.Canonical, _ types.Image, _ types.ImageSource) (fs.FS, time.Time, error) {
+func (ms *MockCache) Store(_ context.Context, _ string, _ reference.Named, _ reference.Canonical, _ ocispecv1.Image, _ iter.Seq[imageutil.LayerData]) (fs.FS, time.Time, error) {
 	panic("not implemented")
 }
 
diff --git a/internal/util/image/disk_cache.go b/internal/util/image/disk_cache.go
@@ -5,16 +5,14 @@ import (
 	"errors"
 	"fmt"
 	"io/fs"
+	"iter"
 	"os"
 	"path/filepath"
 	"slices"
 	"time"
 
 	"github.com/containerd/containerd/archive"
 	"github.com/containers/image/v5/docker/reference"
-	"github.com/containers/image/v5/pkg/blobinfocache/none"
-	"github.com/containers/image/v5/pkg/compression"
-	"github.com/containers/image/v5/types"
 	"github.com/opencontainers/go-digest"
 	ocispecv1 "github.com/opencontainers/image-spec/specs-go/v1"
 	"sigs.k8s.io/controller-runtime/pkg/log"
@@ -85,27 +83,41 @@ func (a *diskCache) unpackPath(id string, digest digest.Digest) string {
 	return filepath.Join(a.idPath(id), digest.String())
 }
 
-func (a *diskCache) Store(ctx context.Context, id string, srcRef reference.Named, canonicalRef reference.Canonical, img types.Image, imgSrc types.ImageSource) (fs.FS, time.Time, error) {
-	var filter archive.Filter
+func (a *diskCache) Store(ctx context.Context, id string, srcRef reference.Named, canonicalRef reference.Canonical, imgCfg ocispecv1.Image, layers iter.Seq[LayerData]) (fs.FS, time.Time, error) {
+	var applyOpts []archive.ApplyOpt
 	if a.filterFunc != nil {
-		var err error
-
-		imgCfg, err := img.OCIConfig(ctx)
-		if err != nil {
-			return nil, time.Time{}, fmt.Errorf("error parsing image config: %w", err)
-		}
-
-		filter, err = a.filterFunc(ctx, srcRef, *imgCfg)
+		filter, err := a.filterFunc(ctx, srcRef, imgCfg)
 		if err != nil {
 			return nil, time.Time{}, err
 		}
+		applyOpts = append(applyOpts, archive.WithFilter(filter))
 	}
 
-	modTime, err := a.applyLayersToDisk(ctx, id, canonicalRef, img, imgSrc, filter)
+	dest := a.unpackPath(id, canonicalRef.Digest())
+	if err := fsutil.EnsureEmptyDirectory(dest, 0700); err != nil {
+		return nil, time.Time{}, fmt.Errorf("error ensuring empty unpack directory: %w", err)
+	}
+	modTime, err := func() (time.Time, error) {
+		l := log.FromContext(ctx)
+		l.Info("unpacking image", "path", dest)
+		for layer := range layers {
+			if layer.Err != nil {
+				return time.Time{}, fmt.Errorf("error reading layer[%d]: %w", layer.Index, layer.Err)
+			}
+			if _, err := archive.Apply(ctx, dest, layer.Reader, applyOpts...); err != nil {
+				return time.Time{}, fmt.Errorf("error applying layer[%d]: %w", layer.Index, err)
+			}
+			l.Info("applied layer", "layer", layer.Index)
+		}
+		if err := fsutil.SetReadOnlyRecursive(dest); err != nil {
+			return time.Time{}, fmt.Errorf("error making unpack directory read-only: %w", err)
+		}
+		return fsutil.GetDirectoryModTime(dest)
+	}()
 	if err != nil {
-		return nil, time.Time{}, err
+		return nil, time.Time{}, errors.Join(err, fsutil.DeleteReadOnlyRecursive(dest))
 	}
-	return os.DirFS(a.unpackPath(id, canonicalRef.Digest())), modTime, nil
+	return os.DirFS(dest), modTime, nil
 }
 
 func (a *diskCache) DeleteID(_ context.Context, id string) error {
@@ -130,49 +142,3 @@ func (a *diskCache) GarbageCollect(_ context.Context, id string, keep reference.
 	}
 	return nil
 }
-
-// applyLayersToDisk writes the layers from img and imgSrc to disk using the provided filter.
-// The destination directory will be created, if necessary. If dest is already present, its
-// contents will be deleted. If img and imgSrc do not represent the same image, an error will
-// be returned due to a mismatch in the expected layers. Once complete, the dest and its contents
-// are marked as read-only to provide a safeguard against unintended changes.
-func (a *diskCache) applyLayersToDisk(ctx context.Context, id string, canonicalRef reference.Canonical, img types.Image, imgSrc types.ImageSource, filter archive.Filter) (time.Time, error) {
-	var applyOpts []archive.ApplyOpt
-	if filter != nil {
-		applyOpts = append(applyOpts, archive.WithFilter(filter))
-	}
-
-	dest := a.unpackPath(id, canonicalRef.Digest())
-	if err := fsutil.EnsureEmptyDirectory(dest, 0700); err != nil {
-		return time.Time{}, fmt.Errorf("error ensuring empty unpack directory: %w", err)
-	}
-	l := log.FromContext(ctx)
-	l.Info("unpacking image", "path", dest)
-	for i, layerInfo := range img.LayerInfos() {
-		if err := func() error {
-			layerReader, _, err := imgSrc.GetBlob(ctx, layerInfo, none.NoCache)
-			if err != nil {
-				return fmt.Errorf("error getting blob for layer[%d]: %w", i, err)
-			}
-			defer layerReader.Close()
-
-			decompressed, _, err := compression.AutoDecompress(layerReader)
-			if err != nil {
-				return fmt.Errorf("auto-decompress failed: %w", err)
-			}
-			defer decompressed.Close()
-
-			if _, err := archive.Apply(ctx, dest, decompressed, applyOpts...); err != nil {
-				return fmt.Errorf("error applying layer[%d]: %w", i, err)
-			}
-			l.Info("applied layer", "layer", i)
-			return nil
-		}(); err != nil {
-			return time.Time{}, errors.Join(err, fsutil.DeleteReadOnlyRecursive(dest))
-		}
-	}
-	if err := fsutil.SetReadOnlyRecursive(dest); err != nil {
-		return time.Time{}, fmt.Errorf("error making unpack directory read-only: %w", err)
-	}
-	return fsutil.GetDirectoryModTime(dest)
-}
diff --git a/internal/util/image/pull.go b/internal/util/image/pull.go
@@ -4,7 +4,9 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"io"
 	"io/fs"
+	"iter"
 	"os"
 	"time"
 
@@ -14,10 +16,13 @@ import (
 	"github.com/containers/image/v5/image"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/image/v5/oci/layout"
+	"github.com/containers/image/v5/pkg/blobinfocache/none"
+	"github.com/containers/image/v5/pkg/compression"
 	"github.com/containers/image/v5/pkg/sysregistriesv2"
 	"github.com/containers/image/v5/signature"
 	"github.com/containers/image/v5/types"
 	"github.com/go-logr/logr"
+	ocispecv1 "github.com/opencontainers/image-spec/specs-go/v1"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 )
@@ -26,9 +31,15 @@ type Puller interface {
 	Pull(context.Context, string, string, Cache) (fs.FS, reference.Canonical, time.Time, error)
 }
 
+type LayerData struct {
+	Reader io.Reader
+	Index  int
+	Err    error
+}
+
 type Cache interface {
 	Fetch(context.Context, string, reference.Canonical) (fs.FS, time.Time, error)
-	Store(context.Context, string, reference.Named, reference.Canonical, types.Image, types.ImageSource) (fs.FS, time.Time, error)
+	Store(context.Context, string, reference.Named, reference.Canonical, ocispecv1.Image, iter.Seq[LayerData]) (fs.FS, time.Time, error)
 	DeleteID(context.Context, string) error
 	GarbageCollect(context.Context, string, reference.Canonical) error
 }
@@ -202,7 +213,41 @@ func (p *ContainersImagePuller) applyImage(ctx context.Context, id string, srcRe
 			panic(err)
 		}
 	}()
-	return cache.Store(ctx, id, srcRef, canonicalRef, img, imgSrc)
+
+	ociImg, err := img.OCIConfig(ctx)
+	if err != nil {
+		return nil, time.Time{}, err
+	}
+
+	layerIter := iter.Seq[LayerData](func(yield func(LayerData) bool) {
+		for i, layerInfo := range img.LayerInfos() {
+			ld := LayerData{Index: i}
+			layerReader, _, err := imgSrc.GetBlob(ctx, layerInfo, none.NoCache)
+			if err != nil {
+				ld.Err = fmt.Errorf("error getting layer blob reader: %w", err)
+				if !yield(ld) {
+					return
+				}
+			}
+			defer layerReader.Close()
+
+			decompressed, _, err := compression.AutoDecompress(layerReader)
+			if err != nil {
+				ld.Err = fmt.Errorf("error decompressing layer: %w", err)
+				if !yield(ld) {
+					return
+				}
+			}
+			defer decompressed.Close()
+
+			ld.Reader = decompressed
+			if !yield(ld) {
+				return
+			}
+		}
+	})
+
+	return cache.Store(ctx, id, srcRef, canonicalRef, *ociImg, layerIter)
 }
 
 func loadPolicyContext(sourceContext *types.SystemContext, l logr.Logger) (*signature.PolicyContext, error) {
